Tuesday 28 October 2014

Find hidden friends in your facebook chat

A very useful trick to find the invisible friends on your chat in Facebook.
Follow the steps given below to see the invisible friends.
1. Log in to your Facebook account.
2. Go to the Online Now Facebook application.
3. It asks Request For Permission. Click on Allow.
4. Now you will be shown all the friends who are online and have set their status as invisible. You can view the differences between the online friends in the Facebook Chat Box and the Online Now Chat Box.
I am sure this trick is very useful and many Facebook users are searching for it. Now you can chat with your friends who have set their status as invisible. Enjoy!

Hack Facebook by cookie stealing

Facebook Authentication Cookies
The cookie which Facebook uses to authenticate its users is called "datr". If an attacker can get hold of your authentication cookies, all he needs to do is inject those cookies into his browser and he will gain access to your account.
This is what a Facebook authentication cookie looks like:
Cookie:  datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;
How To Steal Facebook Session Cookies And Hijack An Account?
An attacker can use a variety of methods to steal your Facebook authentication cookies, depending on the network he is on. If an attacker is on a hub-based network, he would just sniff traffic with any packet sniffer and gain access to the victim's account. If an attacker is on a switch-based network, he would use an ARP poisoning request to capture authentication cookies. If an attacker is on a wireless network, he just needs to use a simple tool called Firesheep to capture the authentication cookie and gain access to the victim's account.
In the example below I will explain how an attacker can capture your authentication cookies and hack your Facebook account with Wireshark.
Hack facebook account with wireshark.
Step 1 - First of all, download Wireshark from the official website and install it.
Step 2 - Next, open up Wireshark, click on Analyze and then click on Interfaces.
Step 3 - Next, choose the appropriate interface and click on Start.
Step 4 - Continue sniffing for around 10 minutes.
Step 5 - After 10 minutes, stop the packet sniffing by going to the Capture menu and clicking on Stop.
Step 6 - Next, set the filter to http.cookie contains "datr" at the top left. This filter will search for all the HTTP cookies with the name datr, and datr, as we know, is the name of the Facebook authentication cookie.
Step 7 - Next, right click on it and go to Copy - Bytes - Printable Text only.
Step 8 - Next, you'll want to open up Firefox. You'll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.
Step 9 - Press Alt C to bring up the cookie injector. Simply paste the cookie value into it.
Step 10 - Now refresh your page and voilà, you are logged in to the victim's Facebook account.
Note: This attack will only work if the victim is on an http:// connection, and even on https:// if end-to-end encryption is not enabled.
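The note above is the defensive takeaway: a session cookie is only sniffable when it is allowed to travel over plain HTTP. The following check is an added example, not part of the original post; the function names, the `example.test` domain and the sample headers are constructed for illustration. It audits a response's headers for the settings that close this gap (the `Secure` and `HttpOnly` cookie flags and an HSTS header).

```python
"""Audit response headers for the weakness that makes cookie sniffing possible."""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_headers(headers, session_cookies):
    """Return (cookie, finding) pairs for session cookies exposed to sniffing."""
    findings = []
    has_hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name not in session_cookies:
            continue
        if "secure" not in attrs:
            findings.append((name, "no Secure flag: cookie is sent on http:// requests"))
        if "httponly" not in attrs:
            findings.append((name, "no HttpOnly flag: cookie is readable by page scripts"))
    if not has_hsts:
        findings.append(("*", "no Strict-Transport-Security header: browser may still use http://"))
    return findings


# Constructed sample responses (not captured traffic).
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "datr=CONSTRUCTED-VALUE; Path=/; Domain=.example.test"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "datr=CONSTRUCTED-VALUE; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        results = audit_headers(hdrs, {"datr"})
        print(label, "->", results if results else "no findings")
```
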

How to Recover Deleted Facebook Messages, Photos And Videos

How to recover deleted Facebook messages and other data sounds like a very useful and interesting topic. You can now get back your past removed Facebook messages, pictures and video clips from the Facebook database. You have to go through steps that are not hard to do. If you have any difficulty, then don't forget to comment right below the tutorial.
Before recovering old removed Facebook messages, images and video clips you must follow the easy and simple steps provided below.
* You need to click here to open the general account settings of your Facebook account.
* Then find the option at the end, "Download a copy of your Facebook data", and click on it.
* It will show you a message that the backup data has been sent to your email address.
* After some time, you will get a mail confirmation that your data is ready. Now you need to click on the link provided by Facebook. (Keep in mind this is simply for protection.)
* Then, on the next page you'll see a Download Archive button. Click it and you'll be prompted to submit your password to carry on. That is a safety action by Facebook.
* After submitting your Facebook password, on another screen you'll be told that the download link for the data will be mailed to the email ID that you used to create your Facebook account.
* Now download the file. Unzip that file and open the folder, where you'll recover deleted Facebook messages, pictures and videos, as well as your friend list.
All data are typically in .html format, and you will not be able to use them directly.
Therefore, you'll have to double click on the file and choose your favorite web browser to open it. The file will open within your browser, where you'll have access to all of your data. Enjoy, and don't forget to share this tutorial with your buddies; using this tutorial they may be able to get back their memorable messages that were removed by mistake. If you have any problem, don't forget to comment.

How To Use Google Chrome For Hacking

Up till now, Firefox was widely used by hackers and pentesters for their day-to-day job, due to the tremendous number of plugins that make their work much easier.
However, nowadays I prefer Google Chrome over Firefox, due to the wide variety of interesting extensions that can provide great aid in hacking and penetration testing. There are lots and lots of Google Chrome extensions that can be used for hacking; however, I have compiled a list of my favorite ones, which I use frequently to test different types of web applications for security vulnerabilities.
How To Use Google Chrome For Hacking - Extensions
XSS Rays
XSS Rays would certainly be at the top of my list. XSS Rays includes a scanner, an XSS reverser and a DOM inspection tool. Although it does make the browser a bit unstable when you are performing heavy scans, it's really handy in detecting XSS attacks. It's a perfect replacement for XSSME, which is used in Firefox for detecting XSS attacks.
Official Description
XSS Rays is a security tool to help pen test large web sites. Its core features include an XSS scanner, XSS Reverser and object inspection. Need to know how a certain page filters output? Don't have the source? No problem. XSS Rays will blackbox reverse an XSS filter without needing the source code.
Websecurify Scanner
Websecurify Scanner is a really powerful scanner capable of detecting lots of web application attacks. Although it generates lots of false positives, mostly related to CSRF attacks, it's really handy in detecting XSS attacks. It's fully automated and very user friendly.
Usage
1. All you need to do is install the Websecurify scanner from the link above and visit the following page: https://suite.websecurify.com/foundation
2. Just enter the URL and it will automatically start scanning.
HPP Finder
HPP Finder is capable of easily detecting HTTP Parameter Pollution attacks. HTTP Parameter Pollution is the newest type of web application attack. There is not very much information available on it compared to other attacks such as XSS and SQL injection. However, what is available is very handy.
Official Description
HTTP Parameter Pollution (HPP) is a recently discovered web exploitation technique. Please read the NDSS 2010 paper for more details about the technique. HPP Finder is a Chrome extension designed for detecting HPP attempts. HPP Finder can detect URLs and HTML forms that might be susceptible to parameter pollution, but it is not a complete solution against HPP.
XSS CHEF
XSS Chef is a perfect replacement for BeEF (Browser Exploitation Framework) for Google Chrome.
Cookie Editor
Cookie Editor is a very useful Google Chrome extension for hackers. I mostly use it when I am performing session hijacking attacks.
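To make the HPP Finder description above concrete, here is an added detection sketch (not the extension's code and not from the original post; the function names and `example.test` URLs are constructed). It flags URLs that repeat a parameter or hide an encoded `&` inside a value, and shows how three common parsing conventions would disagree about the repeated parameter, which is the root of parameter pollution.

```python
"""Flag URLs whose query strings show signs of HTTP Parameter Pollution."""
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit


def duplicated_params(url):
    """Return {name: [values]} for query parameters that occur more than once."""
    seen = defaultdict(list)
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        seen[name].append(value)
    return {name: vals for name, vals in seen.items() if len(vals) > 1}


def embedded_delimiters(url):
    """Names of parameters whose decoded value contains '&' (an encoded extra parameter)."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [name for name, value in pairs if "&" in value]


def interpretations(values):
    """How first-wins, last-wins and comma-joining parsers resolve one repeated name."""
    return {"first": values[0], "last": values[-1], "joined": ",".join(values)}


def scan(urls):
    """Return (url, parameter, kind, interpretations-or-None) for each finding."""
    findings = []
    for url in urls:
        for name, vals in duplicated_params(url).items():
            findings.append((url, name, "repeated", interpretations(vals)))
        for name in embedded_delimiters(url):
            findings.append((url, name, "encoded-delimiter", None))
    return findings


# Constructed sample URLs (not taken from real traffic).
SAMPLE_URLS = [
    "https://shop.example.test/cart?item=12&qty=1",
    "https://shop.example.test/transfer?amount=10&to=alice&amount=9000",
    "https://shop.example.test/vote?id=5%26id%3D7",
]

if __name__ == "__main__":
    for url, name, kind, views in scan(SAMPLE_URLS):
        print(f"{kind:18} {name:7} {url}")
        if views:
            print("   parsers disagree:", views)
```

Run over access logs or a crawl of your own application, a check like this shows where a front-end filter and the back end could end up validating different values for the same parameter.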

Windows 10: Everything You Need To Know

As expected, Microsoft has formally announced the new version of Windows. As no-one expected, it will be called ‘Windows 10’, not Windows 9. Why?
Because Microsoft claims it represents such a significant leap over Windows 8 that calling it Windows 9 would not do it justice. I can hear your groans now, but in Microsoft’s defence Windows 10 has some major (and long awaited) improvements.
Here are the highlights:
One OS To Rule Them All
Architecturally the biggest news is that Windows 10 is being designed to run across all device form factors. That means desktops, laptops, tablets, phablets and smartphones.
“Windows 10 will run on the broadest amount of devices. A tailored experience for each device,” said Terry Myerson, Microsoft Executive VP of Operating Systems. “There will be one way to write a universal application, one store, one way for apps to be discovered purchased and updated across all of these devices.”
Microsoft didn’t break down when we might see a Windows 10 smartphone and how that would impact/absorb Windows Phone (or even elaborate on the future for Windows Phone), but it does offer clear insight into Microsoft’s long term road map.
Update: Microsoft has now confirmed ‘Windows 10’ will also be the next major version of Windows Phone. What devices get the upgrade and how Microsoft will handle it remains to be seen.
The Start Menu Is Back
Microsoft has finally confirmed the Start Menu will return. The leaks were spot on and it will combine aspects of the classic Windows 7 start menu with apps from the Metro/Modern UI.
Searching within the Start Menu will now perform a web search as well. Crucially, its layout can be customised so apps can be removed or resized, and the flexibility and personalisation potential of the Start Menu should win back fans disillusioned about its removal in Windows 8.
Better Touch/Keyboard And Mouse Integration
Microsoft has taken criticism seriously about the jarring nature of moving between touch and the keyboard and mouse elements of Windows 8. Microsoft is calling the new approach ‘Continuum’ and it is an umbrella term for a better merger between two different input methods. Continuum will be able to automatically switch between modes by detecting how users interact with their device. It also carries over to design aspects like the new Start Menu, windowed apps within the desktop and so forth.
“We’re trying to be thoughtful about a UI that goes across all devices,” explained Joe Belfiore, Corporate Vice President of the Operating Systems Group at Microsoft.
He admits Continuum remains a work in progress, with refinements to things like the Charms Bar (yes, it is still there) set to be an ongoing process through the life of the public beta and right up to release (more on that later).
Virtual Desktops
Another leaked feature Microsoft confirmed today was virtual desktops. Microsoft didn’t give the feature an official name at this stage, but it works much like the long used multiple desktops on Linux and Exposé on Mac OS X.
The view can be triggered with a new ‘task view’ button which allows users both to launch a new virtual desktop and to jump between them. Interestingly, the taskbar can be customised to look different/relevant to each desktop, allowing a simple leap from work to home modes, for example.
Microsoft said all open programs in the virtual desktops will continue to run in the background, which makes for some interesting memory management challenges but also greatly increases the potential productivity of Windows as well as de-cluttering the desktop space.
Pricing / Availability
It has been much speculated that Windows 10 may be given away free to upgraders or involve a nominal fee, but Microsoft revealed no information about this in either the presentation or the Q&A afterwards. What we did learn is that a technical preview of Windows 10 will be made available to users later this week (Microsoft is stressing it is only for advanced users and developers at this stage) and that an official release would not follow until ‘later in 2015’.
This suggests the OS is not as far along as many expected and Microsoft is keen to develop it in conjunction with user feedback.
What We Still Don’t Know: A Lot
Perhaps what is almost as interesting as what was revealed about Windows 10 is what Microsoft kept to itself. In addition to no news on pricing, Microsoft also didn’t touch on performance (install size and minimum hardware requirements), Cortana integration (the voice assistant in Windows Phone 8.1), give a solid release time frame or go into any detail on how Windows 10 will handle scaling on high resolution screens – crucial given 4k monitors and super high resolution laptops are quickly gaining momentum.
On the flip side, what we did see is a more open Microsoft. A company, perhaps shaken by the decidedly mixed reaction to Windows 8 (however fair or unfair), that is now keen to try and mix the best aspects of Windows 7 and Windows 8 into a more user friendly experience. This means releasing early builds, issuing rapid fire updates and developing in conjunction with ongoing user feedback.
Is choosing the ‘Windows 10’ moniker a step too far though? “It’s a name that resonated best with what we’ll deliver,” explained Myerson. Many would argue the struggles of Windows Phone and Windows 8 have put Microsoft into a terminal decline, but tonight’s announcement – while thin on details – suggests there is still life in the old dog yet.

Friday 10 October 2014


"NetHunter" — Turn Your Android Device into Hacking Weapons


The developers of one of the most advanced open source operating systems for penetration testing, 'KALI Linux', announced yesterday the release of a new Kali project, known as NetHunter, that runs on a Google Nexus device.

Kali Linux is an open source Debian-based operating system for penetration testing and forensics, which is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. It comes wrapped with a collection of penetration testing and network monitoring tools used for testing of software privacy and security.

After making its influence in hacker and security circles, Kali Linux has now been published with Kali NetHunter, a version of the security suite for Android devices. The tool is a mobile distribution designed to compromise systems via USB when installed and run on an Android phone.

The Kali Linux NetHunter project provides much of the power to Nexus users. Those running the NetHunter penetration testing platform can now launch attacks including Teensy keyboard via HID style attacks and BadUSB man-in-the-middle (MITM) networking attacks via USB human interface device (HID), wireless 802.11 frame injection, and could set up evil access points in a single click.

NetHunter is currently available for Nexus devices only, but builds for other Android devices are likely on the way. NetHunter contains a full Kali Linux toolset, including support for self destruction, software defined radio and the ability to launch a Kali desktop VNC session on a Nexus phone.

The tools are designed for use by an attacker who has physical access to a device (an insider threat) or someone who gains access through social engineering, tailing etc.

On one hand, Teensy Keyboard attacks on PCs can be used to automatically elevate privileges on a Windows PC and install a reverse-HTTP tunnel to a remote workstation.

On the other hand, BadUSB can force a Windows PC to recognize the USB-connected phone as a network adapter and re-route all the traffic of the PC through it for monitoring purposes.

Additionally, the Kali NetHunter configuration interface helps users to easily manage complex configuration files through a local web interface, which together with 802.11 wireless injection and a pre-configured connect VPN service make it a “formidable network security tool or discrete drop box – with Kali Linux at the tip of your fingers wherever you are.”

The Kali NetHunter open source security platform supports Nexus 10 and 7 tablets and Nexus 5 phones, built on the existing Kali (formerly Backtrack) Linux platform.
download it here
